Our website has an AI chatbot, what do I need to disclose?
Under EU AI Act transparency rules users must know they are talking to an AI. Effective from August 2026 but already best practice.
Try this first
- 1Open the chat with a clear note "This is an AI assistant". Not buried in the footer.
- 2Offer an exit to a human. A "Chat with a colleague" button or a phone number. Pure-AI without a human safety net rarely works.
- 3Limit what the bot may promise. No prices, no contractual commitments, no legal advice unless explicitly trained and reviewed.
- 4Log conversations. For improvement, complaints, audit. Do not forget the GDPR notice on processing what the visitor types.
- 5Add the chatbot to your internal AI register, your processing register, and your privacy notice.
When to bring us in
If the bot processes special-category data (health, legal, financial advice), it moves toward high-risk under the AI Act. Not without a DPIA and review.
See also
- Does NIS2 apply to my company?Two questions decide it: are you in a listed sector, and do you meet the threshold from Recommendation 2003/361/EC (more than 50 FTE and more than EUR 10M turnover or balance sheet). Below that you are only indirectly in scope, via your customers. The threshold determines whether you are an important or essential entity depending on sector.
- What changes with the Dutch Cyber Security Act?The Cyberbeveiligingswet is the Dutch implementation of NIS2. Track NCSC for the exact effective date and the lower regulations.
- Am I personally liable as a director under NIS2?Yes. The board is accountable for approving and overseeing the cyber measures. Severe negligence can become personal.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.